05-14-2015 01:32 AM - edited 03-05-2019 01:27 AM
Hi all,
I would like to know whether it is possible to create WAN failover load balancing, and whether this comes with the basic licence or needs other licensing. Also, what would the configuration for this kind of scenario be?
Ivan
05-14-2015 02:27 AM
You can do WAN failover but the load balancing is limited. At least it's possible with the policy-based routing in 9.4(1). For the 5505, a SecPlus-License is needed for failover, all bigger models have it included (not sure about the 5506-X).
Here is an example of basic failover:
05-14-2015 02:48 AM
Hi Karsten,
Thank you for answering. I'm trying to get in touch with the sales guys and all the numbers are wrong (the phone numbers that I'm looking at on the cisco.com > contact page). I'm comparing the models now, but it will be much faster and easier if I get someone from the Cisco sales guys to call me or answer the phone :)
So as I understand it, for WAN failover to work with the 5505, the SecPlus-License is needed. And do the bigger models already have this feature in, or do they need a licence too? And is there an option for the load balancing to work with the same 5505 but with an extra licence or some other kind of license?
05-14-2015 03:04 AM
The 5505 is only an option for using it with failover if you already have one. EOS is approaching on this device and you shouldn't buy it any more. Only buy one of the -X models. All -X models (needs to be confirmed for the 5506-X with the Base license) support both WAN-failover as well as load-sharing with policy-based routing. But you need a very new release for the PBR.
05-14-2015 04:28 AM
Hi,
"The 5505 is only an option for using it with failover if you already have one."
We have an old ASA 5505 that we are not using. And in the other office we have a SonicWall that we would like to replace with this ASA 5505. But we have never used failover on this ASA and we would like to start using it. Can we do it just by adding the licensing?
05-14-2015 04:52 AM
Look at the output of "show version". If it shows you "Security Plus" then you can use WAN-failover. If you only have the Base-Version, then you need the SecPlus-License. But I wouldn't invest any more money in an ASA 5505.
05-16-2015 06:19 AM
Hi Karsten,
Thank you for answering me. I have one more question. We have an old SonicWall that needs to be replaced with this ASA. There I have two WAN links that need to be used for WAN failover. But I will have to build VPN tunnels over these two links to our office. So my plan was to configure one link and establish the VPN connection, and then add the other one. Do you have any other idea how to do this without downtime? Some hints/tips would be welcome.
05-16-2015 06:43 AM
Building a migration plan for near-zero downtime is a lot of work.
I would configure the 5505 as a replacement, test it in a lab with some spare systems attached and then replace it in a scheduled downtime.